UBUNTU-CVE-2022-24836
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri versions prior to 1.13.4 are affected; the fix is in 1.13.4. There are no known workarounds for this issue...
CVE-2022-24836
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri versions prior to 1.13.4 are affected; the fix is in 1.13.4. There are no known workarounds for this issue...
Nokogiri security vulnerability
Nokogiri is an open source software library for parsing HTML and XML in Ruby. A security vulnerability exists in versions prior to Nokogiri 1.13.4 that stems from its susceptibility to excessive backtracking when attempting to detect encoding in HTML documents...
PT-2022-4890
Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.13.4 Description The issue is related to an inefficient regular expression in the Nokogiri library, which can lead to excessive backtracking when detecting encoding in HTML documents. This can be exploited by a...
CVE-2022-1100
A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user...
UBUNTU-CVE-2022-1100
A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user...
PT-2022-13660 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.1 through 14.7.7; GitLab CE/EE versions 14.8.0 through 14.8.5; GitLab CE/EE versions 14.9.0 through 14.9.2. Description: A potential DoS issue was discovered in GitLab CE/EE. The API to update an asset as a link from a...
OESA-2022-1553 rubygem-websocket-extensions security update
Generic extension manager for WebSocket connections. Security Fixes: the websocket-extensions Ruby module prior to 0.1.5 allows Denial of Service (DoS) via regex backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content ...
Ruby: ReDoS in Psych
The Psych library in Ruby was found to have a ReDoS (Regular Expression Denial of Service) vulnerability in the parsing of time strings. The vulnerability was identified in the regular expression used to extract date and time information from the input string. The regular expression was susceptible...
ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network...
marked denial of service vulnerability
marked is a Markdown parser and compiler written in JavaScript. marked contains a security vulnerability that could be exploited by an attacker to cause catastrophic backtracking on certain strings and lead to a denial of service (DoS)...
Regular Expression Denial Of Service (ReDoS)
marked is vulnerable to regular expression denial of service. An attacker is able to induce the system into backtracking by injecting a maliciously crafted string via a variable inline.reflink search...
Regular Expression Denial Of Service (ReDoS)
marked is vulnerable to regular expression denial of service. An attacker is able to induce the system into backtracking by injecting a maliciously crafted string via a variable block.def...
Inefficient Regular Expression Complexity in marked
Impact. What kind of vulnerability is it? Denial of service. The regular expression block.def may cause catastrophic backtracking against some strings. PoC is the following (JavaScript): import * as marked from "marked"; marked.parse(`[x]:${' '.repeat(1500)}x ${' '.repeat(1500)} x`); Who is impacted? Anyone who run...
GHSA-RRRM-QJM4-V8HF Inefficient Regular Expression Complexity in marked
Impact. What kind of vulnerability is it? Denial of service. The regular expression block.def may cause catastrophic backtracking against some strings. PoC is the following (JavaScript): import * as marked from "marked"; marked.parse(`[x]:${' '.repeat(1500)}x ${' '.repeat(1500)} x`); Who is impacted? Anyone who run...
CVE-2022-21681
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...
DEBIAN-CVE-2022-21681
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...
marked security vulnerability
marked is a Markdown parser and compiler written in JavaScript. marked contains a security vulnerability that could be exploited by an attacker to cause catastrophic backtracking on certain strings and lead to a denial of service (DoS)...
CVE-2022-21680 Cubic catastrophic backtracking (ReDoS) in marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does...
CVE-2022-21681 Exponential catastrophic backtracking (ReDoS) in marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...